• Home
  • News
  • Novel Space Bears Ransomware Infects 7

Novel Space Bears Ransomware Infects 7

Bogdan Pătru

By Bogdan Pătru . 30 April 2024

Tech Writer

Alex Popa

Fact-Checked this

Newcomer Space Bears announced 7 victims today, marking their first important ransomware operation. This is currently an unknown actor in the ransomware sphere, as its presence was only noted several days ago for the first time.

  • The 7 victims are spread across 4 countries: Germany, Norway, the US, and South Africa
  • The hackers posted the evidence of the breaches on their brand-new leak website
  • As the images show, some of the victims have had their data exposed, suggesting that they’ve refused to negotiate
  • The remaining victims have up to a week to contact the hackers are either pay the ransom or figure out another settlement

Ransomware attacks have been on a visible rise during 2023 with a whopping 55.5% increase in the number of victims. According to the latest statistics, Q2 and Q3 of 2023 have amassed more attacks than the entire previous year.

As was expected, the most prominent figures in the ransomware sphere have remained the usual suspects: ALPHV (BlackCat), Cl0p, and, of course, LockBit. Not only that, but it seems like the trend keeps increasing in Q1 of 2024.

X showing the Space Bears attack on the 7 victims
https://twitter.com/FalconFeedsio/status/1784926268930363632

Overall, there have been approximately 5,070 victims throughout 2023, with LockBit 3.0 leading the pack as the most prolific gang. The most severe ransomware campaign belongs to MOVEit, though.

As the numbers show, out of the over 5,000 victims, more than half (2,175) have been located in the US. According to FBI and independent analysts, it is projected that ransomware gangs will reach new heights in 2024.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

What to Expect?

According to specialists, the current trend is worrying, to say the least, and it’s all linked to MOVEit’s breakthrough.

“Without a doubt, the MOVEit campaign will be remembered as the most successful campaign this year, teaching us the importance of supply chain attacks (…) Ransomware groups will climb to new heights in 2024, targeting supply chain infrastructures while relying on phishing, leaked credentials, and social engineering techniques.”

But it’s not all bad. Several major operations have taken place in 2023, targeting major players in the ransomware sphere. One of them was Hive, the largest and most influential ransomware actor at that time. The operation was a success.

According to US Attorney General Merrick Garland, a coalition of 13 law enforcement agencies, including Europol and German agencies, managed to destroy Hive. The agents gained access to over 1,000 decryption keys.

Another notable event took place in February of 2024, when the FBI, along with Europol and other international agencies, attacked LockBit. Operation Cronos managed to infiltrate the notorious organization but not the backup servers.

This allowed LockBit to bounce back shortly after and reorganize its ranks. Despite that, the operation was not a total failure. The FBI gained access to over 30,000 Bitcoin addresses, the information of over 188 affiliates, and hundreds of decryption keys.

This shows that law enforcement agencies are set on turning the tides, which appears to be more challenging than ever. Especially in today’s context, when ransomware gangs multiply seemingly uncontrollable.

Leave a Comment